在 Spring Security 中添加自定义过滤器

发布于 2024-08-26 01:13:21 字数 3032 浏览 2 评论 0原文

我正在尝试制作自定义 AuthenticationProcessingFilter 以在成功登录后在会话中保存一些用户数据,

这是我的过滤器:

package projects.internal;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.Authentication;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {


 protected void onSuccessfulAuthentication(HttpServletRequest request,
   HttpServletResponse response, Authentication authResult)
   throws IOException {
  super.onSuccessfulAuthentication(request, response, authResult);
  request.getSession().setAttribute("myValue", "My value is set");
 }
}

这是我的 security.xml 文件,

<beans:beans xmlns="http://www.springframework.org/schema/security"  
 xmlns:beans="http://www.springframework.org/schema/beans" 
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security 
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 <global-method-security pre-post-annotations="enabled">

 </global-method-security>
 <http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
  <intercept-url pattern="/" access="permitAll" />
  <intercept-url pattern="/images/**" filters="none" />
  <intercept-url pattern="/scripts/**" filters="none" />
  <intercept-url pattern="/styles/**" filters="none" />
  <intercept-url pattern="/p/login.jsp" filters="none" />
  <intercept-url pattern="/p/register" filters="none" />
  <intercept-url pattern="/p/**" access="isAuthenticated()" />

     <form-login
   login-processing-url="/j_spring_security_check"
   login-page="/p/login.jsp"   
   authentication-failure-url="/p/login_error.jsp" />
  <logout />
 </http>

 <authentication-manager alias="authenticationManager">
 <authentication-provider>
    <jdbc-user-service data-source-ref="dataSource"/>
  </authentication-provider>
 </authentication-manager>

 <beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter">
 <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
    </beans:bean>

    <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    </beans:bean>


 </beans:beans>

它在此处给出错误:

<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />

在这一行找到多个注释:cvc-attribute.3 cvc-复合体-type.4 cvc 枚举有效

有什么问题?

I am trying to make a custom AuthenticationProcessingFilter to save some user data in the session after successful login

here's my filter:

package projects.internal;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.Authentication;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {


 protected void onSuccessfulAuthentication(HttpServletRequest request,
   HttpServletResponse response, Authentication authResult)
   throws IOException {
  super.onSuccessfulAuthentication(request, response, authResult);
  request.getSession().setAttribute("myValue", "My value is set");
 }
}

and here's my security.xml file

<beans:beans xmlns="http://www.springframework.org/schema/security"  
 xmlns:beans="http://www.springframework.org/schema/beans" 
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security 
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 <global-method-security pre-post-annotations="enabled">

 </global-method-security>
 <http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
  <intercept-url pattern="/" access="permitAll" />
  <intercept-url pattern="/images/**" filters="none" />
  <intercept-url pattern="/scripts/**" filters="none" />
  <intercept-url pattern="/styles/**" filters="none" />
  <intercept-url pattern="/p/login.jsp" filters="none" />
  <intercept-url pattern="/p/register" filters="none" />
  <intercept-url pattern="/p/**" access="isAuthenticated()" />

     <form-login
   login-processing-url="/j_spring_security_check"
   login-page="/p/login.jsp"   
   authentication-failure-url="/p/login_error.jsp" />
  <logout />
 </http>

 <authentication-manager alias="authenticationManager">
 <authentication-provider>
    <jdbc-user-service data-source-ref="dataSource"/>
  </authentication-provider>
 </authentication-manager>

 <beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter">
 <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
    </beans:bean>

    <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    </beans:bean>


 </beans:beans>

it gives an error here:

<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />

multiple annotation found at this line:cvc-attribute.3
cvc-complex-type.4
cvc-enumeration-vaild

what is the problem?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

笑饮青盏花 2024-09-02 01:13:21

我不认为这在 Spring Security 3.0 模式中是有效的过滤器位置。查看 安全命名空间配置。我再也看不到它了。也许尝试BASIC_AUTH_FILTER

I don't believe that's a valid filter position in Spring Security 3.0 schema. Check out Security Namespace Configuration. I don't see it listed anymore. Perhaps try BASIC_AUTH_FILTER

鸠魁 2024-09-02 01:13:21
  • AUTHENTICATION_PROCESSING_FILTER 不是有效的过滤器别名,您应该使用 FORM_LOGIN_FILTER
  • 应放在
  • AUTHENTICATION_PROCESSING_FILTER is not a valid filter alias, you should use FORM_LOGIN_FILTER.
  • <custom-filter> should be put inside <http>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文